Berin Szoka is president and founder of the tech policy think tank TechFreedom. The group promotes a wide variety of digital rights and privacy issues. Most recently, they have started a petition demanding reforms to the Electronic Communications Privacy Act (ECPA) so that law enforcement will have to get a warrant before accessing emails stored in the cloud. With so much attention paid to the NSA snooping, Berin believes that the over 25-year-old ECPA has been overshadowed and is in dire need of changes. Mr. Szoka has agreed to answer your questions about privacy and government policy online. As usual, ask as many as you'd like, but please, one question per post.
Nerval's Lobster writes "Microsoft will encrypt consumer data and make its software code more transparent, in a bid to boost consumer confidence in its security. Microsoft claims that it will now encrypt data flowing through Outlook.com, Office 365, SkyDrive, and Windows Azure. That will include data moving between customers' devices and Microsoft servers, as well as data moving between Microsoft data-centers. The increased-transparency part of Microsoft's new initiative is perhaps the most interesting, considering the company's longstanding advocacy of proprietary software. But Microsoft actually isn't planning on throwing its code open for anyone to examine, as much as that might quell fears about government-designed backdoors and other nefarious programming. Instead, according to its general counsel Brad Smith, "transparency" means "building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors." In addition, Microsoft plans on opening a network of "transparency centers" where customers can go to "assure themselves of the integrity of Microsoft's products." That's not exactly the equivalent of volunteers going through TrueCrypt to ensure a lack of NSA backdoors, and it seems questionable whether such moves (vague as they are at this point) on Microsoft's part will assure anyone that it hasn't been compromised by government sources. But with Google and other tech firms making a lot of noise about encrypting their respective services, Microsoft has little choice but to join them in introducing new privacy initiatives."
tramp writes "The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable. Of course it is 'only metadata' and absolutely not invading privacy if you ask our 'beloved' NSA." Pretty soon, the argument about whether you have in any given facet of your life a "reasonable expectation of privacy" may take on a whole new meaning. Also at Slash BI.
chicksdaddy writes "Cyber attacks on 'connected vehicles' are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers (PDF) asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey's letter, dated December 2, cites recent reports of 'commands...sent through a car's computer system that could cause it to suddenly accelerate, turn or kill the brakes,' and references research conducted by Charlie Miller and Chris Valasek (PDF) on the Toyota Prius and Ford Escape. 'Today's cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network (CAN) ... Vehicle functionality, safety and privacy all depend on the functions of these small computers, as well as their ability to communicate with one another,' Markey wrote. Among the questions Markey wants answers to: What percentage of cars sold in model years 2013 and 2014 do not have any wireless entry points? What are automakers' methods for testing for vulnerabilities in technologies they deploy — including third party technologies? Markey asks specifically about tire pressure monitors, Bluetooth and other wireless technologies and GPS (like OnStar). What third party penetration testing is conducted on vehicles (and any results)? What intrusion detection features exist for critical components like controller area network (CAN) buses on connected vehicles?"
binarstu writes "Suzanne Nossel, writing for CNN, reports that 'a survey of American writers done in October revealed that nearly one in four has self-censored for fear of government surveillance. They fessed up to curbing their research, not accepting certain assignments, even not discussing certain topics on the phone or via e-mail for fear of being targeted. The subjects they are avoiding are no surprise — mostly matters to do with the Middle East, the military and terrorism.' Yet ordinary Americans, for the most part, seem not to care: 'Surveillance so intrusive it is putting certain subjects out of bounds would seem like cause for alarm in a country that prides itself as the world's most free. Americans have long protested the persecution and constraints on journalists and writers living under repressive regimes abroad, yet many seem ready to accept these new encroachments on their freedom at home.'"
cagraham writes "Startup Swarm Mobile intends to help physical retailers counter online shopping habits by collecting data on their customers' actions. Swarm's platform integrates with stores' Wi-Fi networks in order to monitor what exactly customers are doing while shopping. In exchange for collecting analytics, shoppers get access to free internet. Swarm then sends reports to the store owners, detailing how many customers checked prices online, or compared rival products on their phones. Their platform also allows stores to directly send discount codes or coupons to shoppers' phones."
Pseudonymous Bitcoin creator Satoshi Nakamoto (whether that name represents one person or several) is believed to hold many millions of dollars in Bitcoin. Various attempts have been made to pin down Nakamoto's identity; the IB Times reports today that a (sadly anonymous) analysis points to George Washington University economics professor Nick Szabo, based on textual analysis and some other clues, such as Szabo's expertise in digital currency and his role as founder of GoldCoin. Szabo's blog Unenumerated is fascinating reading, whether or not this analysis is right.
An anonymous reader writes "Australian spy agencies offered to share personal information about law-abiding Australian citizens with overseas governments. This includes legal, religious and medical information, which was shared about this Canadian woman. Departments in the Australian Public Service have also been caught spying on citizens. Even low-ranking public servants can look up information such as phone calls and email metadata without needing a warrant. The target is not notified."
theodp writes "'The night watchman of the future,' explains the NY Times' John Markoff, 'is 5 feet tall, weighs 300 pounds and looks a lot like R2-D2 – without the whimsy. And will work for $6.25 an hour.' California-based Knightscope has developed a mobile robot known as the K5 Autonomous Data Machine as a safety and security tool for corporations, as well as for schools and neighborhoods. 'But what is for some a technology-laden route to safer communities and schools,' writes Markoff, 'is to others an entry point to a post-Orwellian, post-privacy world.'"
BitVulture writes "Richard Stallman took time to air his views on the crypto-currency that has become virtually as valuable as gold. In an interview with Russian media giant RT, Stallman praised Bitcoin for allowing people to 'send money to someone without getting the permission of a payment company'. But he also warned against a major weakness of Bitcoin and called for the development of 'a system for truly anonymous payment' online."
An anonymous reader writes "A week ago, Slashdot was asked, "How do you protect your privacy?" The question named many different ways privacy is difficult to secure these days, but almost all of the answers focused on encrypting internet traffic. But what can you do about your image being captured by friends' and strangers' cameras (not to mention drones, police cameras, security cameras, etc.)? How about when your personal data is stored by banks and healthcare companies and their IT department sucks? Heck; off-the-shelf tech can see you through your walls. Airport security sniffs your skin. There are countless other ways info on you can be collected that have nothing to do with your internet hygiene. Forget the NSA; how do you protect your privacy from all these others? Can you?"
Seattle diners who want to take their food-tweeting pictures with Google Glass were already facing a preemptively hostile environment; now (in a different restaurant), a diner's been asked to remove his Google Glass headset, or leave. He chose to leave. Maybe Faraday cages and anti-surveillance features will become the norm at the restaurants where things like Glass are most likely to appear.
vikingpower writes "In the ever-longer wake of the NSA scandal, much-respected Dutch newspaper NRC today reveals, in English, as mandated by the gravity of the occasion, that the Dutch secret service, the AIVD, hacks internet forums. And yes, that is gross misconduct against Dutch law. The service, whose headquarters are in Zoetermeer, did not yet comment upon the divulgence of the document from Edward Snowden's collection. Incensed Dutch parliamentarians are calling for an enquiry."
angry tapir writes "With the look of Google Plus and Facebook-like elements, a new social network named "Syme" feels as cozy as a well-worn shoe. But beneath the familiar veneer, it's quite different. Syme encrypts all content, such as status updates, photos and files, so that only people invited to a group can view it. Syme, which hosts the content on its Canada-based servers, says it can't read it. "The overarching goal of Syme is to make encryption accessible and easy to use for people who aren't geeks or aren't hackers or who aren't cryptography experts," co-founder Jonathan Hershon said in an interview about the service." See also Diaspora.
Hugh Pickens DOT Com writes "David Talbot writes at MIT Technology Review that engineers on the Internet Engineering Task Force (IETF), an informal organization of engineers that changes Internet code and operates by rough consensus, have asked the architects of Tor to consider turning the technology into an Internet standard. If widely adopted, such a standard would make it easy to include the technology in consumer and business products ranging from routers to apps and would allow far more people to browse the Web without being identified by anyone who might be spying on Internet traffic. The IETF is already working to make encryption standard in all web traffic. Stephen Farrell believes that forging Tor into a standard that interoperates with other parts of the Internet could be better than leaving Tor as a separate tool that requires people to take special action to implement. 'I think there are benefits that might flow in both directions,' says Farrell. 'I think other IETF participants could learn useful things about protocol design from the Tor people, who've faced interesting challenges that aren't often seen in practice. And the Tor people might well get interest and involvement from IETF folks who've got a lot of experience with large-scale systems.' Andrew Lewman, executive director of Tor, says the group is considering it. 'We're basically at the stage of 'Do we even want to go on a date together?' It's not clear we are going to do it, but it's worth exploring to see what is involved. It adds legitimacy, it adds validation of all the research we've done.'"
Jah-Wren Ryel writes "In 2012, Canadian Ellen Richardson was hospitalized for clinical depression. This past Monday she tried to board a plane to New York for a $6,000 Caribbean cruise. DHS denied her entry, citing supposedly private medical records listing her hospitalization. From the story: '“I was turned away, I was told, because I had a hospitalization in the summer of 2012 for clinical depression,” said Richardson, who is a paraplegic and set up her cruise in collaboration with a March of Dimes group of about 12 others.'"
theodp writes "As part of its plan to improve computer science education in the U.S., the Mark Zuckerberg and Bill Gates-backed Code.org is asking school districts to sign a contract calling for Code.org to receive 'longitudinal student achievement data' for up to seven academic years in return for course materials, small teacher stipends, and general support. The Gates Foundation is already facing a backlash from the broader academic community over attempts to collect student data as part of its inBloom initiative. The Code.org contract also gives the organization veto power over the district teachers selected to participate in the Code.org program, who are required to commit to teaching in the program for a minimum of two school years."
Daniel_Stuckey writes "Since Edward Snowden's disclosures about widespread NSA surveillance, Americans and people everywhere have been presented with a digital variation on an old analog threat: the erosion of freedoms and privacy in exchange, presumably, for safety and security. Bruce Schneier knows the debate well. He's an expert in cryptography and he wrote the book on computer security; Applied Cryptography is one of the field's basic resources, 'the book the NSA never wanted to be published,' raved Wired in 1994. He knows the evidence well too: lately he's been helping the Guardian and the journalist Glenn Greenwald review the documents they have gathered from Snowden, in order to help explain some of the agency's top secret and highly complex spying programs. To do that, Schneier has taken his careful digital privacy regime to a new level, relying on a laptop with an encrypted hard drive that he never connects to the internet. That couldn't prevent a pilfered laptop during, say, a 'black bag operation,' of course. 'I know that if some government really wanted to get my data, there'd be little I could do to stop them,' he says."
wired_parrot writes "New leaked documents show that the NSA was not only monitoring suspected radical sympathizers, but planned to discredit them based on their web-surfing habits. This includes not only evidence of porn browsing and online sexual activity, but also extortion and blackmail based on inappropriate use of funds. At the same time, the leaked document notes that very few of the targeted contacts were associated with terrorism."
hypnosec writes "The European Commission has outlined steps it believes will pave the way for restoring faith in EU-U.S. data flows following revelations about NSA spying activities under its PRISM program. The EC notes that spying on its citizens, companies, and leaders is unacceptable; and that citizens of U.S. and EU need to be reassured about protection of their data, while companies need to be reassured that the existing agreements between the two regions are respected and enforced. The Commission outlined a total of six areas that it believes require action including swift adoption of the EU's data protection reforms; making Safe Harbor safer; strengthening data protection safeguards in the law enforcement area; commitment from the U.S. for making use of a legal framework; addressing European concerns in the on-going U.S. reform process; and promoting privacy standards internationally."